Stolen Zoom passwords, accounts and meetings IDs being posted on dark web: Report
Each day seems to bring a new controversy for Zoom, the video calling service. The latest reports reveal that details of compromised Zoom accounts are being posted on the dark web, which again raises privacy and security concerns around the service. The details were discovered by cyber-security firm Sixgill, according to Yahoo Finance.
“On April 1st, an actor in a popular dark web forum posted a link to a collection of 352 compromised Zoom accounts. In comments on this post, several actors thanked him for the post, and one revealed intentions to troll the meetings,” a Sixgill spokesperson told Yahoo Finance.
The report adds that the leaked details include email addresses, passwords, meetings IDs, host keys and the type of Zoom account, which leaves them vulnerable to hacking attempts. One of the accounts also belonged to a major US healthcare provider, while seven belonged to education institutions, adds the report.
As Sixgill’s researchers note there is a chance that some of the hackers could misuse the information to troll meetings, while others could try to steal enterprise information or spy on these meetings. Especially since the owners of these Zoom accounts might not be aware that their account has been compromised.
Threat actor posts 352 compromised Zoom accounts for free download, including meeting Id, URL, Hostype #darkerthingsdaily #darkweb #trolling #eavesdropping #identitytheft #cybercriminals #cybersecurity pic.twitter.com/idzFuAvBPB
— Sixgill (@CyberSixgill) April 6, 2020
So far Zoom’s response to the issue has been that they are looking into the problem. As pointed out the stolen information does put the owners of these Zoom accounts at risk.
This is not the only problem to plague Zoom recently. The app, which has seen daily meetings boom to 200 million daily sessions has faced criticism over its privacy and security issues. It was revealed by the Citizen Lab in Toronto that Zoom was routing some calls through China servers, which raised privacy concerns. They also raised concerns over the encryption used by Zoom.
Zoom calls: Follow these simple steps to secure your meetings | Zoom’s boom coincides with spike in bugs, vulnerabilities and privacy issues
The company on its part has said that it had fixed the problem of the calls being routed via China and called it a mistake. However, the encryption part remains unclear. Zoom had also earlier claimed it was end-to-end encrypted, When reports revealed this was not the case, the company later apologised saying that this was not possible on Zoom calls.
Then there’s the issue of Zoombombing where trolls take over meetings. While Zoom has tried to mitigate the problem by making waiting rooms compulsory for all meetings, it looks like New York is not convinced. According to Gizmodo, New York City Mayor de Blasio announced that they would not allow school classes to take place over Zoom as they did not wish to put the privacy and data of students at risk. New York City is going for Microsoft Teams and Google Hangouts as the preferred alternative.